Differences

This shows you the differences between two versions of the page.

--- docpublic:systemes:ldap:ldap2-4 [2015/01/09 13:58]
procacci@tem-tsp.eu [references]
+++ docpublic:systemes:ldap:ldap2-4 [2015/05/07 20:45] (current)
procacci@tem-tsp.eu [lastbind rpm]
@@ Line 16: / Line 16: @@
 sys	0m15.655s
 </code>
+==== admin password ====
+generation pour la configuration slapd.conf :
+<code>
+cli : slappasswd -h <scheme> -s <secret>
+<scheme> is an RFC 2307 scheme such as {MD5}, {CRYPT} or {SSHA} (the default), and <secret> is the secret to hash, default {SSHA} ,
+The output can be copy-pasted into the LDAP configuration file for the rootpw field.
+</code>
+exemple
+<code>
+# slappasswd -h  {SSHA}  -s secret
+{SSHA}2c4m7rvutm1HrNFvthmeidRkWWLdERxQ
+</code>
@@ Line 151: / Line 169: @@
 # At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
 SLAPD_LDAPS=yes
+</code>
+en centos/rehl 7
+<code>
+# grep ldaps /etc/sysconfig/slapd
+# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
+SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"
 </code>
@@ Line 204: / Line 230: @@
 ===== centos rhel 7 =====
+==== install ====
+<code>
+# yum install openldap-servers
+Installé :
+  openldap-servers.x86_64 0:2.4.39-3.el7
+Dépendances installées :
+  libtool-ltdl.x86_64 0:2.4.2-20.el7
+</code>
 activation avec systemctl
@@ Line 235: / Line 271: @@
                                           mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd
 Jan 09 14:56:58 japi systemd[1]: Started OpenLDAP Server Daemon.
+</code>
+===== centos 7 firewallD =====
+==== ref ====
+  * http://ktaraghi.blogspot.fr/2013/10/what-is-firewalld-and-how-it-works.html
+  * http://www.tecmint.com/configure-firewalld-in-centos-7/3/
+==== service ldap ====
+au depart, par defaul il y a le service ssh d'ouvert
+<code>
+# firewall-cmd --zone=public --list-all
+public (default, active)
+  interfaces: eth0
+  sources:
+  services: dhcpv6-client ssh
+  ports:
+  masquerade: no
+  forward-ports:
+  icmp-blocks:
+  rich rules:
+</code>
+==== liste services ====
+les services sont definit dans des fichiers xml dans une arborescence systeme
+<code>
+[root@ldap ~]# firewall-cmd --get-services
+amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
+[root@ldap ~]# ls /usr/lib/firewalld/services/
+amanda-client.xml  dhcp.xml               http.xml        kerberos.xml     libvirt.xml  nfs.xml      pmwebapis.xml   radius.xml        ssh.xml                  vnc-server.xml
+bacula-client.xml  dns.xml                imaps.xml       kpasswd.xml      mdns.xml     ntp.xml      pmwebapi.xml    rpc-bind.xml      telnet.xml               wbem-https.xml
+bacula.xml         ftp.xml                ipp-client.xml  ldaps.xml        mountd.xml   openvpn.xml  pop3s.xml       samba-client.xml  tftp-client.xml
+dhcpv6-client.xml  high-availability.xml  ipp.xml         ldap.xml         ms-wbt.xml   pmcd.xml     postgresql.xml  samba.xml         tftp.xml
+dhcpv6.xml         https.xml              ipsec.xml       libvirt-tls.xml  mysql.xml    pmproxy.xml  proxy-dhcp.xml  smtp.xml          transmission-client.xml
+</code>
+==== rich rule ldap ====
+ajouter une regle ldap depuis une source IP
+<code>
+[root@ldap ~]# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="177.169.222.0/24" service name="ldap" accept'
+success
+[root@ldap ~]# firewall-cmd --reload
+success
+[root@ldap ~]# firewall-cmd --zone=public --list-all
+public (default, active)
+  interfaces: eth0
+  sources:
+  services: dhcpv6-client ssh
+  ports:
+  masquerade: no
+  forward-ports:
+  icmp-blocks:
+  rich rules:
+	rule family="ipv4" source address="177.169.222.0/24" service name="ldap" accept
 </code>
@@ Line 242: / Line 339: @@
   * http://itdavid.blogspot.fr/2012/05/howto-centos-6.html
   * http://ltb-project.org/wiki/documentation/openldap-rpm#yum_repository
+===== lastbind rpm =====
+integration de lastbind au package source openldap
+recuperation package source via yum
+<code>
+# yum install yum-utils
+# yumdownloader --source openldap-servers
+# ls -l openldap-2.4.39-6.el7.src.rpm
+-rw-r--r-- 1 root root 5593007 31 mars  21:19 openldap-2.4.39-6.el7.src.rpm
+</code>
+http://wiki.centos.org/HowTos/SetupRpmBuildEnvironment
+<code>
+# yum install rpm-build
+</code>
+compiler les package avec un user non privilegié
+<code>
+[root@japi ~]# useradd builder
+[root@japi ~]# su - builder
+[builder@japi ~]$ ls
+[builder@japi ~]$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+[builder@japi ~]$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
+</code>
+<code>
+[builder@japi ~]$ rpm -iv /tmp/openldap-2.4.39-6.el7.src.rpm
+[builder@japi ~]$ ls -l rpmbuild/SPECS/
+total 76
+-rw-rw-r-- 1 builder builder 76148 Mar  6 03:21 openldap.spec
+</code>
+dependances necessaire pour le build
+<code>
+[root@japi ~]# yum install nss-devel krb5-devel tcp_wrappers-devel unixODBC-devel glibc-devel libtool libtool-ltdl-devel groff perl-devel openssl-devel libdb-devel cracklib-devel perl-ExtUtils-Embed
+Résumé de la transaction
+=====================================================================================================
+Installation   13 Paquets (+37 Paquets en dépendance)
+Taille totale des téléchargements : 35 M
+Taille d'installation : 83 M
+</code>

docpublic/systemes/ldap/ldap2-4.1420811893.txt.gz · Last modified: 2015/01/09 13:58 by procacci@tem-tsp.eu

Show page Old revisions

[unknown link type]Back to top